Solved

Exchange 2010 errors communicating with Domain Controllers

Posted on 2013-06-11
6
389 Views
Last Modified: 2013-08-11
I have three Hyper-V Servers all on one physical machine,
1. Domain Controller 1 running WIndows 2012
2. Domain Controller 2 Running Windows 2012
3. Exchange 2010 running Windows 2008 R2

after a few months running just fine, suddenly the Exchange server is complaining it cannot find the DC's.

I get the Application Error logs saying Event ID 2604 MSExchangeADAccess
Eventi ID 2103, 2114, and 2102.

I already looked at the Default Domain Security settings where you make sure it is the Local Domain Controllers policy and not just the Local Domain policy.

Then I reboot and it seems fine...for awhile. Any ideas?
0
Comment
Question by:garyoh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39236969
Hi

Did you check any DNS issues in the DC's. Check Network issues also. What is the primary and secondary DNS settings for the DC's.

Thanks
  Jai
0
 

Author Comment

by:garyoh
ID: 39238372
For the dc's, I have each one pointing to itself first and to the other second.
I did have a strange thing when I pinged the dc's from the exchange box by name: it pinged the IP v6 address and all boxes now have IP v6 disabled in the net adapter properties. Should I have IP  v6 on? I also see IP v6 entries in the DNS tables on both dc's. also when I run dcdiag, I do get some errors about replication. Should I have IP v6 all on or all off? And, if all off, should I manually delete all IP v6 entries in the DNS tables? Just curious.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39238397
Disable the IPv6 and remove the entries also make sure you are able to resolve the dc from exchange. what replication errors you get from DC
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:garyoh
ID: 39238597
I did mention these are all Hyper-V instances on a single physical server, right? I don't know if that matters or not. I would not think so.

When I tried to ping the dc's from the exchange server, I get this:
Pinging DC2012-1.mydomain.local from [ipv6 address] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.
ping statistics for [ipv6 address]:
sent=4, received = 0

when I run "dcdiag /s:DC2012-1", I get errors here:
"NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes in Filtered Set access rights for the naming context:
...all the DC stuff here"

That's it.

I did go into the DNS servers and remove the ip v6 entries from there except for two which are these:
in forward Look zones --> mydomain.local --> there is a "(same as parent folder) IPv6 (AAAA) [IPv6 Address] and a date"
Should those get deleted as well?

Thanks for your help
0
 

Accepted Solution

by:
garyoh earned 0 total points
ID: 39386549
We called Microsoft Tech Support and got them involved. The solution was completed by a Tech there with one of my techs. Unfortunately, I have no input on the final solution. Sorry.
0
 

Author Closing Comment

by:garyoh
ID: 39399511
No solution was provided except by MS.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question